GitHub Advisory Database
2,025 advisories
HTML injection through form field help text
CVE-2020-15118 (Moderate severity) was published Jul 20, 2020 • wagtail (pip)

Command injection in upload method
CVE-2020-15123 (Moderate severity) was published Jul 20, 2020 • codecov (npm)

Prototype Pollution in lodash
GHSA-p6mc-m468-83gw (Low severity) was published Jul 15, 2020 • lodash (npm)

Broken access control on files
CVE-2019-14273 (Moderate severity) was published Jul 15, 2020 • silverstripe/framework (Composer)

GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2020-111
GHSA-7xcx-6wjh-7xp2 (Moderate severity) was published Jul 13, 2020 • standard-version (npm)

User passwords are stored in clear text in the Django session
CVE-2020-15105 (High severity) was published Jul 10, 2020 • django-two-factor-auth (pip)

Stored XSS vulnerability when rendering data
CVE-2020-15092 (High severity) was published Jul 9, 2020 • @knight-lab/timelinejs (npm)

Path Traversal in socket.io-file
GHSA-9h4g-27m8-qjrg (High severity) was published Jul 7, 2020 • socket.io-file (npm)

Sensitive information exposure through logs
CVE-2020-15095 (Low severity) was published Jul 7, 2020 • npm (npm)

Sensitive information exposure through logs
GHSA-jmqm-f2gx-4fjv (Low severity) was published Jul 7, 2020 • npm-registry-fetch (npm)

Denial of service due to reference expansion in versions earlier than 4.0
GHSA-mm44-wc5p-wqhq (High severity) was published Jul 7, 2020 • com.upokecenter:cbor (Maven)

Untrusted XML files
GHSA-vjv6-gq77-3mjw (Low severity) was published Jul 7, 2020 • org.mapfish.print:print-lib (Maven)

No more used JSONP vulnerabilities
GHSA-w534-q4xf-h5v2 (Low severity) was published Jul 7, 2020 • org.mapfish.print:print-lib (Maven)

Potentially sensitive data exposure
GHSA-wwgf-3xp7-cxj4 (Moderate severity) was published Jul 7, 2020 • gos/web-socket-bundle (Composer)

CSRF Vulnerability in rails-ujs
CVE-2020-8167 (Moderate severity) was published Jul 7, 2020 • actionview (RubyGems)

Potential remote code execution of user-provided local names in ActionView
CVE-2020-8163 (Moderate severity) was published Jul 7, 2020 • actionview (RubyGems)

Context isolation bypass via Promise.then bug in V8
CVE-2020-15096 (Low severity) was published Jul 7, 2020 • electron (npm)

Context isolation bypass via leaked cross-context objects
CVE-2020-4076 (High severity) was published Jul 7, 2020 • electron (npm)

Context isolation bypass via contextBridge
CVE-2020-4077 (High severity) was published Jul 7, 2020 • electron (npm)

Arbitrary file read via window-open IPC
CVE-2020-4075 (Moderate severity) was published Jul 7, 2020 • electron (npm)

Directory traversal in Rack::Directory app bundled with Rack
CVE-2020-8161 (Moderate severity) was published Jul 6, 2020 • rack (RubyGems)

Potential self-XSS when pasting content from malicious websites
CVE-2020-4061 (Low severity) was published Jul 2, 2020 • october/october (Composer)

XML external entity injection in Terracotta Quartz Scheduler
CVE-2019-13990 (Moderate severity) was published Jul 1, 2020 • org.quartz-scheduler:quartz (Maven)

Directory traversal in Apache RocketMQ
CVE-2019-17572 (Moderate severity) was published Jul 1, 2020 • org.apache.rocketmq:rocketmq-broker (Maven)

Privilege escalation in mysql-connector-java
CVE-2019-2692 (Moderate severity) was published Jul 1, 2020 • mysql:mysql-connector-java (Maven)

